mesos-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Adam B (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (MESOS-2842) Update FrameworkInfo.principal on framework re-registration
Date Tue, 14 Feb 2017 01:26:41 GMT

    [ https://issues.apache.org/jira/browse/MESOS-2842?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15864835#comment-15864835
] 

Adam B edited comment on MESOS-2842 at 2/14/17 1:26 AM:
--------------------------------------------------------

Even if we don't support changing a role, it should fail framework registration, not crash
the master.
I'm escalating this to Critical, since a misbehaving framework should not be able to crash
the master. (or maybe that's a separate issue?)


was (Author: adam-mesos):
Even if we don't support changing a role, it should fail framework registration, not crash
the master.
I'm escalating this to Critical, since a misbehaving framework should not be able to crash
the master.

> Update FrameworkInfo.principal on framework re-registration
> -----------------------------------------------------------
>
>                 Key: MESOS-2842
>                 URL: https://issues.apache.org/jira/browse/MESOS-2842
>             Project: Mesos
>          Issue Type: Bug
>            Reporter: Vinod Kone
>            Priority: Critical
>              Labels: security
>
> From the design doc:
> This is a bit involved because ‘principal’ is used for authentication and rate limiting.
> The authentication part is straightforward because a framework with updated ‘principal’
should authenticate with the new ‘principal’ before being allowed to re-register. The
‘authenticated’ map already gets updated when the framework disconnects and reconnects,
so it is fine.
> For rate limiting, Master:failoverFramework() needs to be changed to update the principal
in ‘frameworks.principals’ map and also remove the metrics for the old principal if there
are no other frameworks with this principal (similar to what we do in Master::removeFramework()).
> The Master::visit() and Master::_visit() should work with the current semantics.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message